Security blunder leaves Cahoot red faced

By on

The discovery of a serious security flaw caused online bank Cahoot to shut down its website yesterday (Thursday) for 10 hours while the fault was fixed.

Customers had reported that they could view other users' accounts without knowing their passwords. All they needed was the username to gain access to other customers' details.

While Cahoot insisted that nobody had lost money as a result of the flaw, which occurred after a system update more than a week ago, observers predicted it could damage faith in online banking.

"I think it will probably set back the industry six months," said Graham Titterington, principal analyst at ICT consultant Ovum. "Internet banking will recover in time but this will most certainly dent confidence."

Head of Cahoot, Tim Sawyer, hit back. "We resolved the problem quickly, and because of this six months is clearly an overstatement," he said.

Cahoot further defended its position, assuring customers they were not in danger of having money taken out of their accounts. "This problem has arisen as a result of a change we made to our IT system several days ago. We took it very seriously and brought in external ethical hackers to make sure the system is now completely safe," a company spokesperson said.

Banking association APACS insist that banking online is almost entirely secure. "14 million people bank online now and that's a two-fold increase in the last two years," said Sandra Quinn, director of corporate communications. "Customers find banking via the internet convenient. It's much more secure than using a credit card. I really don't think this will have a massive affect on business."

But Titterington said customers will remain cautious. "This is an object lesson for banks in general. No system is 100 percent safe," he said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

Log In

  |  Forgot your password?